安裝前先確認已經安裝以下套件 yum install openssl openssl-devel sendmail sendmail-devel
設定 SPF 只是在 DNS 內增加兩行有關 mail server 的定義
-
-
-
產生給 BIND 的資訊: everplast.net. IN TXT "v=spf1 a mx include:everplast.com.tw include:e-plast.com.tw ~all"
mail.everplast.net. IN TXT "v=spf1 a -all"
-
在 everplast.net 的 DNS 定義檔 1) 增加這兩行
;
; Mail Server
;
@ A 192.168.0.250
@ IN MX 10 mail
everplast.net. IN TXT "v=spf1 a mx include:everplast.com.tw include:e-plast.com.tw ~all"
mail IN A 192.168.0.251
mail IN MX 10 mail
mail.everplast.net. IN TXT "v=spf1 a -all"
;
-
定義完成後, 重新啟動 named
service named restart
-
使用 nslookup 確認設定是否正確
[root@ag320-mail data]# nslookup
> set type=TXT
> everplast.net
Server: 192.168.0.251
Address: 192.168.0.251#53
everplast.net text = "v=spf1 a mx include:everplast.com.tw include:e-plast.com.tw ~all"
> mail.everplast.net
Server: 192.168.0.251
Address: 192.168.0.251#53
mail.everplast.net text = "v=spf1 a -all"
-
透過 mail.everplast.net 寄信到 check-auth@verifier.port25.com 可得到設定結果的回信. 內容如:
:
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham
:
-
下載安裝 dkim-milter
-
使用原始碼安裝程序wget http://downloads.sourceforge.net/project/dkim-milter/DKIM%20Milter/2.8.3/dkim-milter-2.8.3.tar.gz
tar -zxvf dkim-milter-2.8.3.tar.gz
cd dkim-milter-2.8.3
cp site.config.m4.dist site.config.m4
vi site.config.m4 :
define(`bld_LIBDKIM_SHARED', `true')
:
dnl OpenSSL -- cryptography library
APPENDDEF(`confINCDIRS', `-I/usr/include/openssl ')
APPENDDEF(`confLIBDIRS', `-L/usr/lib ')
:
dnl libmilter -- Sendmail's milter library
APPENDDEF(`bld_dkim_filter_INCDIRS', `-I/usr/include/libmilter')
APPENDDEF(`bld_dkim_filter_LIBDIRS', `-L/usr/lib')
: cp site.config.m4 devtools/Site/
sh Build
sh Build install
(http://brneurosci.org/linuxsetup97.html) --- //[[tryweb@ichiayi.com|蔡宗融]] 2009-08-06 06:43//
-
使用 rpm 安裝程序
wget http://www.ichiayi.com/wiki_file/dkim-milter-2.8.3-1.x86_64.rpm
rpm -ivh dkim-milter-2.8.3-1.x86_64.rpm
-
-
將產生結果的 Private Key 貼到 mail server 內的 /etc/mail/dkim/keys/everplast.net/key1 並設定權限
mkdir -p /etc/mail/dkim/keys/everplast.net
vi /etc/mail/dkim/keys/everplast.net/key1
chmod 600 /etc/mail/dkim/keys/everplast.net/key1
chown -R dkim-milt:dkim-milt /etc/mail/dkim/keys
-
將產生結果的 domainkey 放入 everplast.net DNS 定義檔內
;
; Mail Server
;
@ A 192.168.0.250
@ IN MX 10 mail
everplast.net. IN TXT "v=spf1 a mx include:everplast.com.tw include:e-plast.com.tw ~all"
mail IN A 192.168.0.251
mail IN MX 10 mail
mail.everplast.net. IN TXT "v=spf1 a -all"
_domainkey.everplast.net. IN TXT "t=y;o=~;"
key1._domainkey.everplast.net. IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNPwPm7Q/OONldTMPV8pkXbmSXqxyMCGbQu9bBqK8HtsNZzqxE1kyFCiQ/7BJ6W9CK82pOtP97Z8XyoEp2JDSxNkSTr/36kIaAkzmZhWpsNYhZLNhD707XunD27BpNWtDIMc2wdGMHUq3ErghUUuDkiC7pTNjz9L9E2Q+EzxXZpwIDAQAB"
;
-
編輯相關 mail domain name 清單
vi /etc/mail/dkim/trusted-hosts mail.everplast.net
everplast.net
mail.e-plast.com.tw
e-plast.com.tw
mail.everplast.com.tw
everplast.com.tw
localhost
127.0.0.1
-
修改 /etc/dkim-filter.conf
vi /etc/dkim-filter.conf :
Canonicalization simple/simple
:
Domain everplast.net
:
KeyFile /etc/mail/dkim/keys/everplast.net/key1
:
Selector key1
:
Socket inet:8891@localhost
:
Mode sv
:
InternalHosts /etc/mail/dkim/trusted-hosts
:
當發現時常因為驗簽章失敗退別人的信, 想關閉驗簽失敗退信的功能可修改一下參數: :
On-Default reject
On-BadSignature accept
On-DNSError tempfail
:
-
修改 /etc/mail/dkim/keylist
vi /etc/mail/dkim/keylist :
*@everplast.net:everplast.net:/etc/mail/dkim/keys/everplast.net/key1
-
啟動 dkim-milter 服務
service dkim-milter start
chkconfig dkim-milter on
-
更改 sendmail 使用 dkim 服務
vi /etc/mail/sendmail.mc :
:
INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8891@localhost') cd /etc/mail
mv sendmail.cf sendmail.cf.back1
m4 sendmail.mc > sendmail.cf
-
重新啟動 MailServer
service MailScanner restart
来源:http://www.ichiayi.com/wiki/tech/install_spf_dkim |